CVE-2016-0899
https://notcve.org/view.php?id=CVE-2016-0899
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
• http://seclists.org/bugtraq/2016/Jun/54
• http://www.securitytracker.com/id/1036080
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-0542
https://notcve.org/view.php?id=CVE-2015-0542
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users.
• http://seclists.org/bugtraq/2015/Aug/85
• http://www.securityfocus.com/bid/76404
• http://www.securitytracker.com/id/1033300
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-4633
https://notcve.org/view.php?id=CVE-2014-4633
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2014-12/0073.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0641
https://notcve.org/view.php?id=CVE-2014-0641
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
• http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html
• http://www.securityfocus.com/bid/69289
• http://www.securitytracker.com/id/1030738
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95361
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-2505
https://notcve.org/view.php?id=CVE-2014-2505
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.
• http://archives.neohapsis.com/archives/bugtraq/2014-08/0097.html
• http://www.securityfocus.com/bid/69290
• http://www.securitytracker.com/id/1030738
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95360